The Tale of Smokey and the Crypto Bandits How Okteto uses Falco to keep users happy and our platform healthy Ramiro Berrelleza October 28, 2020 ● Co-founder of Okteto ● Former architect @ Atlassian malicious actions without requiring human intervention Future Ideas The Tale of Smokey and the Crypto Bandits Ramiro Berrelleza October 28, 2020

The fuzzy tale of an x/crypto vulnerability Michael McLoughlin Gophercon 2019 Lightning Talks Uber Advanced Technologies Group 8,140 lines of amd64 assembly in crypto 10,474 lines of amd64 assembly assembly in golang.org/x/crypto Fuzzing Fuzzing is an automated testing technique for hardening safety-critical software Typically used where code must handle untrusted inputs or correctness is paramount: 0 }  crypto/aes (GCM mode)  crypto/elliptic (P256)  crypto/sha1  crypto/sha256  crypto/sha512  x/crypto/chacha20poly1305  x/crypto/sha3  x/crypto/blake2b  x/crypto/blake2s  x/crypto/argon2

Redis TLS Origination through the sidecar Author: Sam Stoelinga | Twitter: samosx | GitHub: samos123 Based on blog post: https://samos-it.com/posts/securing-redis-istio-tls-origniation-termination Architecture: K8s app using Redis over TLS only app-1 Namespace ms-1 K8s Pod External DB ms-2 K8s Pod ms-3 K8s Pod TLS only ● App with multiple microservices ● external Redis TLS only ● each microservice traffic Istio TLS Origination Architecture: K8s app using Redis over TLS only (TLS origination) app-1 Namespace ms-1 K8s Pod External DB container app container istio-proxy TCP TLS ● app talks

Golang to the rescue: Saving DevOps from TLS turmoil GopherCon 2017 Lightning Talk Chris Short Manager of DevOps at Bankrate Introduction Chris Short Manager of DevOps at Bankrate (http://www.bankrate derived from an opensource.com article I wrote in April 2017: Golang to the rescue: Saving DevOps from TLS turmoil (https://opensource.com/article/17/4/testing-certi�cate-chains-34-line-go-program) But Most (https://github.com/ashleymcnamara/gophers) Three Go Packages: crypto/tls The Go crypto/tls (https://golang.org/pkg/crypto/tls/) package partially implements TLS 1.2, as speci�ed in RFC 5246 (https://tools.ietf.org/html/rfc5246)

第三届中国Rust开发者大会 简谈 Rust 与国密 TLS Introduction on Rust and SM TLS Title 王江桐 wangjiangtong@huawei.com 华为 公共开发部 嵌入式软件能力中心 就职于华为，目前正在使用 Rust 开发密码相关模块。 Rustacean 在华为。 Title 简谈 Rust 与国密 TLS Introduction on Rust Rust and Shangmi TLS 王江桐 wangjiangtong@huawei.com 华为 公共开发部 嵌入式软件能力中心 Overview of Shangmi Cryptography #1 国密算法总览 Table of Contents 目录 Use of Rust in Implementing Cryptographic Algorithms and Protocols 境外 不得使用 国密算法与协议介绍 Introduction to Shangmi Algorithms and Protocols Section #2 • 国密套件算法简介 • 国密 TLS 简介 来源：国密算法加密芯片，支持国密全套件等安全算法，http://www.bjlcs- tech.com/article/95.html 国密套件总览 List of Shangmi Cryptography

pluggable membership service provider is responsible for associating entities in the network with crypto- graphic identities. • An optional peer-to-peer gossip service disseminates the blocks output by other pertinent information • Channels contain Membership Service Provider instances allowing for crypto materials to be derived from different certificate authorities See the ledger topic for a deeper signing abilities. • TLS Root CA: This folder contains a list of self-signed X.509 certificates of the Root CAs trusted by this organization for TLS communications. An example of a TLS communication would

pluggable membership service provider is responsible for associating entities in the network with crypto- graphic identities. • An optional peer-to-peer gossip service disseminates the blocks output by other pertinent information • Channels contain Membership Service Provider instances allowing for crypto materials to be derived from different certificate authorities See the ledger topic for a deeper signing abilities. • TLS Root CA: This folder contains a list of self-signed X.509 certificates of the Root CAs trusted by this organization for TLS communications. An example of a TLS communication would

other pertinent information Channels contain Membership Service Provider instances allowing for crypto materials to be derived from different certificate authorities See the Ledger topic for a deeper signing abilities. TLS Root CA: This folder contains a list of self-signed X.509 certificates of the Root CAs trusted by this organization for TLS communications. An example of a TLS communication would would be when a peer needs to connect to an orderer so that it can receive ledger updates. MSP TLS information relates to the nodes inside the network — the peers and the orderers, in other words, rather

other pertinent information Channels contain Membership Service Provider instances allowing for crypto materials to be derived from different certificate authorities See the Ledger topic for a deeper signing abilities. TLS Root CA: This folder contains a list of self-signed X.509 certificates of the Root CAs trusted by this organization for TLS communications. An example of a TLS communication would would be when a peer needs to connect to an orderer so that it can receive ledger updates. MSP TLS information relates to the nodes inside the network — the peers and the orderers, in other words, rather

pluggable membership service provider is responsible for associating entities in the network with crypto- graphic identities. • An optional peer-to-peer gossip service disseminates the blocks output by other pertinent information • Channels contain Membership Service Provider instances allowing for crypto materials to be derived from different certificate authorities See the ledger topic for a deeper communications between nodes using TLS. An example of a TLS communication would be when a peer needs to connect to an orderer so that it can receive ledger updates. MSP TLS information relates to the nodes